7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-41123

GHSA ID

GHSA-r55c-59qm-vjw6

EPSS Score

0.49835%

CWE

CWE-400

Published

8/1/2024

Updated

12/27/2024

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-41123

CVE-2024-41123: REXML DoS vulnerability

Impact

The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, >] and ]>.

If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.

Patches

The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.

Workarounds

Don't parse untrusted XMLs.

References

https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh : This is a similar vulnerability
https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 : This is a similar vulnerability
https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123/: An announce on www.ruby-lang.org

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-41123

GHSA ID

GHSA-r55c-59qm-vjw6

EPSS Score

0.49835%

CWE

CWE-400

Published

8/1/2024

Updated

12/27/2024

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
rexml	rubygems	< 3.3.3	3.3.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from inefficient parsing of specific characters (whitespace, '>]', ']>') in REXML. Similar historical vulnerabilities (e.g., CVE-2024-35176) were tied to parsing logic in BaseParser and Text classes. The described DoS behavior suggests unthrottled resource consumption during XML processing. While exact patch details are unavailable, the functions above are core to REXML's parsing workflow and align with the CWE-400/CWE-770 resource exhaustion patterns. Confidence is medium due to reliance on historical patterns and advisory descriptions rather than explicit patch diffs.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T** R*XML **m ***or* *.*.* **s som* *oS vuln*r**iliti*s w**n it p*rs*s *n XML t**t **s m*ny sp**i*i* ***r**t*rs su** *s w*it*sp*** ***r**t*r, `>]` *n* `]>`. I* you n*** to p*rs* untrust** XMLs, you m*y ** imp**t** to t**s* vuln*r**iliti*

Reasoning

T** vuln*r**ility st*ms *rom in***i*i*nt p*rsin* o* sp**i*i* ***r**t*rs (w*it*sp***, '>]', ']>') in R*XML. Simil*r *istori**l vuln*r**iliti*s (*.*., *V*-****-*****) w*r* ti** to p*rsin* lo*i* in **s*P*rs*r *n* T*xt *l*ss*s. T** **s*ri*** *oS ****vior

7.5

Basic Information

Concerned about an active attack path?

CVE-2024-41123: REXML DoS vulnerability

Impact

Patches

Workarounds

References

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI